Automattic blocks WP Engine’s access to WordPress resources

September 26, 2024 at 09:56AM

WordPress.org has banned WP Engine from accessing its resources and delivering plugin updates, leaving end-users vulnerable to potential hacks. The conflict between the two involves the alleged alteration of a WordPress core feature for profit, legal disputes, and criticism. Users are advised to seek alternative hosting providers due to the uncertain resolution. …

Millions of Websites Susceptible to XSS Attack via OAuth Implementation Flaw

July 29, 2024 at 08:18AM

Salt Labs, the research arm of API security firm Salt Security, has uncovered a cross-site scripting (XSS) attack affecting numerous websites, including major companies like HotJar and Business Insider. The attack exploits the OAuth implementation, potentially leading to complete account takeovers. Salt Labs released its findings and a free scanner to …

Balada Injector Infects Over 7,100 WordPress Sites Using Plugin Vulnerability

January 15, 2024 at 11:44AM

Thousands of WordPress sites are affected by the Balada Injector malware, which exploits a vulnerability in the Popup Builder plugin. The campaign, active since 2017, aims to redirect visitors to fraudulent pages and push notification scams. The attackers establish persistent control by adding backdoors and malicious plugins. The issue was addressed …